Exam (elaborations)
CCNP and CCIE Security Core SCOR 350-701 Exam with complete solution 2024_2025
- Course
- Institution
CCNP and CCIE Security Core SCOR 350-701 Exam with complete solution 2024_2025
[Show more]
Content preview
CCNP and CCIE Security Core SCOR 350-701 Exam with complete solution
2024/2025
A(n) ____ is a layer 2 broadcast domain - ANSWER-VLAN
A VLAN is a layer ____ ____ domain - ANSWER-2, broadcast
The standard protocol for VLAN tagging - ANSWER-802.1Q
True or False: Trunk autonegotiation should be enabled in for redundancy -
ANSWER-False
True or False: Trunk autonegotiation is a security risk and should be disabled -
ANSWER-True
The technique that uses a single router interface to perform inter-VLAN routing -
ANSWER-Router-on-a-stick (ROAS)
Spanning Tree Protocol (STP) is ____ (disabled, enabled) on switches by default -
ANSWER-Enabled
The protocol designation for Spanning Tree Protocol (STP) - ANSWER-802.1D
In Spanning Tree Protocol (STP), the switch with the ____ bridge ID becomes the
root bridge - ANSWER-Lowest
Spanning Tree Protocol (STP) messages are known as ____ - ANSWER-Bridge
Protocol Data Units (BPDUs)
,Spanning Tree Protocol (STP) has a different instance for each ____ - ANSWER-
VLAN
Types of ports in Spanning Tree Protocol (STP) - ANSWER-Root, designated,
nondesignated
In Spanning Tree Protocol (STP), the switch port that is closest to the root bridge
is the ____ port - ANSWER-Root
In Spanning Tree Protocol (STP), the switch port that receives the best BPDU is
the ____ port - ANSWER-Root
In Spanning Tree Protocol (STP), the switch port that is sending the best BPDU is
the ____ port - ANSWER-Designated
In Spanning Tree Protocol (STP), the switch ports that do not forward packets in
order to prevent switching loops are ____ ports - ANSWER-Nondesignated
In Spanning Tree Protocol (STP), ports with newly attached devices wait at total
of ____ seconds looking for BPDUs before allowing traffic - ANSWER-30
In Spanning Tree Protocol (STP), the ____ state is the first ____ seconds after a
port comes up in which the switch is only looking for ____ - ANSWER-Listening,
15, BPDUs
In Spanning Tree Protocol (STP), the ____ state is the second ____ seconds after
a port comes up in which the switch is looking for ____ and recording ____ -
ANSWER-Learning, 15, BPDUs, MAC addresses
In Spanning Tree Protocol (STP), if a port is in a blocking state, there may be an
additional ____-second wait while the switch ensures that the parallel path is
gone - ANSWER-20
This can be configured on a switchport using Spanning Tree Protocol (STP) to
prevent the ports from going into the listening and learning states - ANSWER-
PortFast
Protocol designation for Rapid Spanning Tree Protocol (RSTP) - ANSWER-802.1W
802.1W specifies ____ - ANSWER-Rapid Spanning Tree Protocol (RSTP)
,802.1D specifies ____ - ANSWER-Spanning Tree Protocol (STP)
Newer alternative to Spanning Tree Protocol (STP) that shortens the delay
between a port coming up and the host on that port being able to send traffic -
ANSWER-Rapid Spanning Tree Protocol (RSTP)
True or False: The native VLAN should only be used for guest access - ANSWER-
False
True or False: The native VLAN should be left as the default, VLAN 1 - ANSWER-
False
True or False: The native VLAN should be a number other than 1, should be
unused, and should not have any enabled access ports assigned to it - ANSWER-
True
Access ports should be configured as ____ and Dynamic Trunking Protocol (DTP)
should be ____ - ANSWER-Access ports, disabled
____ should be used on switchports to limit the number of MAC addresses that
can be learned from them - ANSWER-Port security
Spanning Tree Protocol (STP) ____ can be used to block a port if BPDUs are seen
when they shouldn't be - ANSWER-BPDU Guard
Spanning Tree Protocol (STP) ____ can be used to control which ports are
allowed to become root ports - ANSWER-Root Guard
Cisco Discovery Protocol (CDP) should be disabled on any ports that face ____
networks - ANSWER-Untrusted
Ports on newly-deployed switches should should be ____ and assigned to a(n)
____ that is not used, then ____ one at a time and assigned to the correct ____ -
ANSWER-Shut down, VLAN, no shut, VLAN
Disabling Dynamic Trunking Protocol (DTP) on an access port prevents an
attacker from performing ____ by tagging frames with the VLAN of choice, as well
as preventing other malicious activities - ANSWER-VLAN hopping
This Layer 2 tool prevents a device from advertising itself as a DHCP server
unless it is connected to an appropriate port - ANSWER-DHCP snooping
, This IPv4 Layer 2 tool prevents hosts from spoofing Layer 2 information -
ANSWER-Dynamic ARP inspection (DAI)
This tool prevents a host from spoofing an IP address - ANSWER-IP Source
Guard
Layer 2 tool that forces hosts to authenticate before allowing them to send
frames into the network - ANSWER-802.1X
Layer 2 tool that limits the amount of broadcast or multicast traffic flowing
through the switch - ANSWER-Storm Control
True or False: End devices can sometimes legitimately send BPDUs - ANSWER-
False
True or False: End devices will never legitimately send BPDUs - ANSWER-True
Do this to bring a port out of err-disabled status - ANSWER-Bounce the port
True or False: A port can be configured to bring itself back up from an err-disable
state - ANSWER-True
True or False: Ports in an err-disable state must be brought back up manually -
ANSWER-False
This tool can be used to prevent a user from attaching multiple devices to a rogue
switch and then to a single legitimate access port, or using a tool to flood the
MAC address table - ANSWER-Port security
Type of attack where a switch's MAC address table is filled up with bogus MAC
addresses, causing the switch to flood all frames - ANSWER-Content-addressable
memory (CAM) table overflow
Tool that prevents content-addressable memory (CAM) table overflow attacks -
ANSWER-Port security
Tool that prevents DHCP starvation attacks - ANSWER-Port security
Type of attack where a rogue device uses all available IP addresses so that
legitimate users cannot connect - ANSWER-DHCP starvation
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller tuition. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
78861 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now